High
CVE-2022-30174
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
High
(2 users assessed)
High
(2 users assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Description
Microsoft Office Remote Code Execution Vulnerability.
Add Assessment
Ratings
-
Attacker ValueVery High
-
ExploitabilityVery High
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild Report
Ratings
-
Attacker ValueMedium
-
ExploitabilityMedium
Technical Analysis
CVE-2022-30174
Description:
Microsoft Office Remote Code Execution Vulnerability.
This attack requires a specially crafted file to be placed either in an online directory or in a local network location.
When a victim runs this file, it loads the malicious DLL or EXE file.
WARNING:
Use your Windows Defender turned on and update him regularly!!!
Conclusion:
-
- So. I’ve decided to test this stupid and forever stupid thing MS Office 365 which is from 7 maybe 10 years just like that. Some things will never change.
- So. I’ve decided to test this stupid and forever stupid thing MS Office 365 which is from 7 maybe 10 years just like that. Some things will never change.
Tested on Windows 11.
365 don’t give a f*** what you give him to execute, it depends on the lure…
For the
usual users: If you don’t have some virus protection software, you are lost…😯 😝 🤫 😛 😎STATUS: Medium vulnerability but it is there! Watch out, dear friends! 😎
Proof and Exploit:
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportGeneral Information
Vendors
- Microsoft
Products
- Microsoft 365 Apps for Enterprise for 32-bit Systems,
- Microsoft 365 Apps for Enterprise for 64-bit Systems,
- Microsoft Office LTSC 2021 for 64-bit editions,
- Microsoft Office LTSC 2021 for 32-bit editions
References
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
V